[Asterisk-Users] running * on a VPN gateway

Ian Blenke icblenke at nks.net
Wed Sep 10 12:23:08 MST 2003


Lee Goodman wrote:
> Could the bindaddr=x.x.x.x be a way to make * work through a NAT?
> 
> I have * and a few 7960 phones behind a NAT. I am trying to register with a
> proxy on the outside of the NAT. Registration is ok, but the VIA field has
> my inside NAT ip address (192. 168.0.7). So the proxy doesn't know how to
> send a call to *. Would adding my outside NAT ip address to the bindaddr
> statement cause the * to put the outside address in the VIA field???

Use "fromdomain=" in your sip.conf entry for your external proxy to 
override this.

>>If like me you run * on a VPN (or multihomed) gateway and want to serve
>>remote SIP clients, make sure you have
>>
>>bindaddr = 192.168.0.1 ; or whatever is your box's private IP
>>
>>otherwise * might bind to its public IP and send it as return address in
>>the SIP call setup, which will (should) be rejected by your firewall.
>>
>>To * experts: might this setting interfer with NATed SIP clients?

There appear to be real issues with multi-homed Asterisk installs in 
more than simple call appearances in the SIP messages.

At one point in testing with a recent CVS build (while bound to 
0.0.0.0), I was getting SIP messages from the public IP interface and 
RTP streams *from* the private IP interface, resulting in one-way audio 
(the called party could hear me, I could not hear them). Very confusing, 
to say the least.

-- 
- Ian C. Blenke <icblenke at nks.net>
(This message bound by the following:
http://www.nks.net/email_disclaimer.html)





More information about the asterisk-users mailing list